On Wed, Nov 7, 2012 at 12:33 PM, [email protected] <[email protected]> wrote:

> The problem is that on the edge boxes I can only get to the primary, the
> slave is inaccessible.  The only difference I can see is which zone the
> interface I am trying to access is in, WAN vs LAN. The access rules are the
> same on both sets.  Is there some reason that would prevent me from
> accessing both pfSense boxes while they are in fail over mode from the LAN
> side as I have described?


Problem is that the VPN can't route to the slave box's internal IP, or the
slave can't reply to it or something like that.  Basically you just can't
reach the slave internal IP via the VPN.

What you want to do is add a firewall group, "RemoteManagement" and add
your public IPs to it from where you wish to manage the firewalls.  Add a
group "ManagementPorts" and add ssh and https ports to it, and possibly any
others you want.  Then make an allow rule FROM RemoteManagement port any to
the WAN address port ManagementPorts.  I also permit ICMP traffic to the
WAN from the RemoteManagement hosts.

Now you can manage your firewall fairly securely from designated places.
Be sure to use good passwords.
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
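The rule set the reply above describes, written out as an added illustration in raw pf.conf syntax rather than through the pfSense GUI (pfSense builds equivalent rules from its Firewall > Aliases and Firewall > Rules pages). This is not code from the thread or from the pfSense project; the interface name, the sample addresses and the alias names are assumptions.

```pf
# Added example, not from the original thread. Interface name and
# addresses are constructed placeholders; replace with your own.

wan_if = "em0"                       # assumed WAN interface name

# "RemoteManagement": the public IPs you manage from (constructed sample values)
table <RemoteManagement> { 203.0.113.10, 198.51.100.0/28 }

# "ManagementPorts": ssh and https; add others only if you really need them
ManagementPorts = "{ 22, 443 }"

# Default deny inbound on WAN so only the explicit allows below get through
block in log on $wan_if

# Allow management only FROM the RemoteManagement hosts TO the WAN address,
# and only on the management ports
pass in quick on $wan_if proto tcp from <RemoteManagement> \
    to ($wan_if) port $ManagementPorts flags S/SA keep state

# Optionally permit ICMP echo from the same hosts for reachability checks
pass in quick on $wan_if inet proto icmp from <RemoteManagement> \
    to ($wan_if) icmp-type echoreq
```

`($wan_if)` matches the address actually configured on the interface of the node the rule runs on, so on a CARP pair each member answers on its own WAN IP rather than the shared VIP; that is what lets you reach the primary and the slave individually. Everything not matched by the two `pass` rules falls through to the logged `block`, so a source outside `<RemoteManagement>` never sees the management ports at all.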